netfilter: netns nat: fix ipt_MASQUERADE in netns
First, allow entry in notifier hook.
Second, start conntrack cleanup in netns to which netdevice belongs.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Alexey Dobriyan authored and Patrick McHardy committed Oct 8, 2008
1 parent 0e6e75a commit b8b8063
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions net/ipv4/netfilter/ipt_MASQUERADE.c
Expand Up @@ -119,17 +119,15 @@ static int masq_device_event(struct notifier_block *this,
void *ptr)
{
const struct net_device *dev = ptr;

if (!net_eq(dev_net(dev), &init_net))
return NOTIFY_DONE;
struct net *net = dev_net(dev);

if (event == NETDEV_DOWN) {
/* Device was downed. Search entire table for
conntracks which were associated with that device,
and forget them. */
NF_CT_ASSERT(dev->ifindex != 0);

nf_ct_iterate_cleanup(&init_net, device_cmp,
nf_ct_iterate_cleanup(net, device_cmp,
(void *)(long)dev->ifindex);
}

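Review bot: In the NETDEV_DOWN branch the comment still reads "Search entire table", but with `nf_ct_iterate_cleanup(net, device_cmp, ...)` the walk now covers only the conntrack entries of the namespace returned by `dev_net(dev)`; reword the comment to say so, since that scoping is the point of the fix. With the `net_eq(dev_net(dev), &init_net)` early return removed, this handler now runs for devices in every namespace, so it is also worth confirming that `device_cmp` needs nothing beyond the `dev->ifindex` value passed as its data argument to select the right entries within `net`.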